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DETAILED ACTION 

1 . This is a final office action in response to remarks filed on 17 August 2007. 
Claims 30-50 were amended. No claims were canceled or added. Claims 30-50 are 
pending. 

Response to Arguments 

2. Applicant's arguments with respect to claims 30-50 have been considered but are 
not persuasive. 

3. Applicant argued Shambroom-Wood does not disclose the amendment in which 
each authentication mechanism specifies a type of information necessary to verify the 
identity of a client computer system, however examiner respectfully disagrees. The 
amendment has not been given patentable weight because the recitation occurs in the 
preamble. A preamble is generally not accorded any patentable weight where the body 
of the claim does not depend on the preamble for completeness but, instead, the 
process steps or structural limitations are able to stand alone. See In re Hirao, 535 F.2d 
67, 190 USPQ 15 (CCPA 1976) and Kropa v. Robie, 187 R2d 150, 152, 88 USPQ 478, 
481 (CCPA 1951). 

4. In response to applicant's arguments against the references individually, one 
cannot show nonobviousness by attacking references individually where the rejections 
are based on combinations of references. See In re Keller, 642 F.2d 413, 208 
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USPQ 871 (CCPA 1981); In re Merck & Co., 800 F.2d 1091, 231 USPQ 375 (Fed. Cir. 
1986). 

Summary of Claimed Invention 

5. The claimed invention describes a server first receiving authentication 
instructions from a controlling client computer system, then receiving a request from a 
client to access a service provided by the server and lastly authenticating the client for 
the first time. The invention uses conventional authentication methods, e.g. basic HTTP 
authentication. In the same field of endeavor, the applied references teach the same. 

Claim Rejections - 35 USC §103 

6. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 102 of this title, if the differences between the subject matter sought to be patented and 
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 

7. Claims 30-33, 35, 38-41, 43, and 46-49 are rejected under 35 U.S.C. 103(a) as 
being unpatentable over Shambroom (U.S. Patent 5,923,756) in view of Wood et al. 
(U.S. Patent 6,691,232), hereafter referred to as Wood. 

8. Regarding claim 30, Shambroom disclosed a method in a server computer of 
authenticating client computer systems, the method comprising: 
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storing, for each of the client computer systems, an indication of an 
authentication mechanism that can be used to authenticate the client computer system 
(see col. 3 line 60 - col. 4 line 4: two authentication schemes are used when 
authenticating a client with a destination server by way of an intermediary network 
server. An indication of which authentication scheme to use during authentication must 
be stored), the indications being stored based on receiving from a controlling client 
computer system a plurality of instructions, each instruction identifying a client computer 
system and identifying at least one authentication mechanism that can be used to 
authenticate the client computer system, each client computer system being a separate 
computer system from the controlling client computer system (The Key Distribution 
Center 400 sends authentication information to the network server 300 for 
authenticating client 200, see fig. 3 #354, col. 8 lines 27-44) 

after receiving an instruction for a client computer system and before 
authenticating that client computer system, receiving a request from that client computer 
system to access a service of the server computer system, the request including a 
purported identity of that client computer system (Client sends a request to the 
destination server 500 prior to authorization, see fig. 3 #358, col. 9 lines 1-9. The 
request inherently includes the identity of the requesting client computer system)] and 

upon receiving the request from that client computer system to access a service 
of the server computer, initially authenticating that client computer system using the 
authentication mechanism based on the information necessary to verify the purported 
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identity of that client computer system (The client is authenticated before being 
connected to the destination server, see fig. 3 #360, #362, #364, col. 9 lines 15-45). 

Shambroom did not explicitly disclose selecting from among multiple 
authentication mechanisms, i.e. at least some client computer systems having multiple 
authentication mechanisms that can be used to authenticate the client computer 
systems and when that client computer system can be authenticated using multiple 
authentication mechanisms, selecting an authentication mechanism and wherein the 
authentication mechanism being selected from multiple authentication mechanisms 
based on authentication abilities indicating authentication methodologies that the client 
computer system supports and access rights of the client computer system to access 
resources. 

However in a related art, Wood disclosed presenting a user with multiple suitable 
authentication schemes and allowing the user to select one (see col. 11 lines 36-41). A 
variety of credential types, e.g. username/password pairs, are used for different levels 
of authentication (see col. 1 1 lines 30-65). An^authentication scheme is deemed 
suitable when it meets or exceeds the required trust level in the current environment 
(see col 11 lines 14-23, 31-33). 

It would have been obvious to one of ordinary skill in this art at the time of 
invention to incorporate Wood's choice of authentication mechanisms into 
Shambroom's authentication system to provide more details on how a user should be 
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authenticated and thereby further improve system security (see Shambroom col. 3 lines 
33-35, col. 4 lines 46-61). 

9. Regarding claim 31 , Shambroom-Wood disclosed at least one of the plurality of 
instructions indicates that multiple authentication mechanisms can be used to 
authenticate a client computer system and wherein that client computer system is 
authenticated using one of the indicated authentication mechanisms (see Wood col. 1 1 
lines 30-67). 

10. Regarding claim 32, Shambroom-Wood disclosed the plurality of instructions 
indicate that the same authentication mechanism is to be used to authenticate multiple 
client computer systems and wherein the multiple client computer systems are 
authenticated using the indicated authentication mechanism (see Wood col. 7 lines 35- 
40, col. 8 lines 3-18: plurality of client systems authenticate with the gatekeeper/entry 
handler component 110, which uses client type to determine which authentication 
mechanism should be used. When there are multiple clients of the same type to be 
authenticated, the clients will be authenticated by the same authentication mechanism). 

1 1 . Regarding claim 33, Shambroom-Wood disclosed the plurality of instructions 
indicate that multiple authentication mechanisms can be used to authenticate multiple 
client computer systems and wherein the multiple client computer systems are 
authenticated using one of the indicated authentication mechanisms (see Wood col. 7 
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lines 35-40; col. 1 1 lines 30-67; the user/client is allowed to choose credential types to 
be used to authenticate to the server, all the users can use a particular method of 
authentication, i.e. certificate authority). 

12. Regarding claim 35, Shambroom-Wood disclosed a basic HTTP authentication 
(see Wood col. 12 lines 25-30). 

13. Regarding claims 38-41 and 43, the claims are rejected for the same reasons as 
the rejections to claims 30-33 and 35 above respectively. 

14. Regarding claims 46-49, the claims are rejected for the same reasons as the 
rejections to claims 30-33 above respectively. 

15. Claims 34, 36-37, 42, 44-45, and 50 are rejected under 35 U.S.C. 103(a) as 
being unpatentable over Shambroom-Wood as applied to claims 30, 38, and 49 above, 
further in view of AAPA (Applicant Admitted Prior Art). 

16. Regarding claim 34 and 42, Shambroom-Wood disclosed the invention, 
substantially as claimed, as described in claims 30 and 38, but did not explicitly disclose 
an assertion authentication. 

However, AAPA disclosed assertion methodology is a way of authenticating 
between client and server (see for example AAPA specification pg 3 lines 1-3). It would 
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have been obvious to one of ordinary skill in this art at the time of invention to combine 
the teachings of Wood-Lim and AAPA because the teaching of AAPA to allow assertion 
would improve the trust in between the two systems, as both sides agree to trust each 
other initially. Furthermore, Shambroom-Wood's system supports plurality of 
authentication mechanisms and therefore it would have been obvious to incorporate 
assertion methods with the teachings of Shambroom-Wood to improve the functionality 
of Shambroom-Wood by allowing for more choices for authentication. 

17. Regarding claims 36 and 44, Shambroom-Wood disclosed the invention, 
substantially as claimed, as described in claims 30 and 38, but did not explicitly disclose 
digest authentication. However, AAPA disclosed a digest method (see for example pg 3 
lines 10-22). It would have been obvious to one of ordinary skill in this art at the time of 
invention to combine the teachings of Shambroom-Wood and AAPA, the rationale to 
combine is discussed in claims 34 and 42 above. 

18. Regarding claims 37 and 45, Shambroom-Wood disclosed the invention, 
substantially as claimed, as described in claims 30 and 38, but did not explicitly disclose 
an NTLM authentication. However, AAPA disclosed NTLM authentication method (see 
for example pg 3 lines 23-24). It would have been obvious to one of ordinary skill in this 
art at the time of invention to combine the teachings of Shambroom-Wood and AAPA, 
the rationale to combine is discussed in claims 34 and 42 above. 
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19. Regarding claim 50, the claim is rejected for the same reasons as the rejection to 
the combination of claims 34-37 and 42-45 above. 

Conclusion 

20. Examiner's Note: Examiner has cited particular columns and line numbers in 
the references applied to the claims above for the convenience of the applicant. 
Although the specified citations are representative of the teachings of the art and are 
applied to specific limitations within the individual claim, other passages and figures 
may apply as well. It is respectfully requested from the applicant in preparing 
responses, to fully consider the references in entirety as potentially teaching all or part 
of the claimed invention, as well as the context of the passage as taught by the prior art 
or disclosed by the Examiner. 

In the case of amending the claimed invention, Applicant is respectfully 
requested to indicate the portion(s) of the specification which dictate(s) the structure 
relied on for proper interpretation and also to verify and ascertain the metes and bounds 
of the claimed invention. 

21 . Applicant's amendment necessitated the new ground(s) of rejection presented in 
this Office action. Accordingly, THIS ACTION IS MADE FINAL. See MPEP 

§ 706.07(a). Applicant is reminded of the extension of time policy as set forth in 37 
CFR 1.136(a). 
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A shortened statutory period for reply to this final action is set to expire THREE 
MONTHS from the mailing date of this action. In the event a first reply is filed within 
TWO MONTHS of the mailing date of this final action and the advisory action is not 
mailed until after the end of the THREE-MONTH shortened statutory period, then the 
shortened statutory period will expire on the date the advisory action is mailed, and any 
extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of 
the advisory action. In no event, however, will the statutory period for reply expire later 
than SIX MONTHS from the date of this final action. 

22. Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Angela Widhalm whose telephone number is (571) 272- 
1035. The examiner can normally be reached M-F, 9:00 am - 5:30 pm. If attempts to 
reach the examiner by telephone are unsuccessful, the examiner's supervisor, Bunjob 
Jaroenchonwanit can be reached on (571) 272-3913. The fax phone number for the 
organization where this application or proceeding is assigned is (571) 273-8300. 

Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a 
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USPTO Customer Service Representative or access to the automated information 
system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 



Angela Widhalm 
Examiner 
Art Unit 21 52 
26 October 2007 
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